Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2023-03-27 CVE-2023-25817 Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server
Nextcloud server is an open source, personal cloud implementation.
network
low complexity
nextcloud CWE-732
8.1
2023-03-27 CVE-2023-1135 Incorrect Permission Assignment for Critical Resource vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation.
local
low complexity
deltaww CWE-732
7.8
2023-03-27 CVE-2023-27096 Incorrect Permission Assignment for Critical Resource vulnerability in Opengoofy Hippo4J 1.4.3
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module.
network
low complexity
opengoofy CWE-732
6.5
2023-03-23 CVE-2022-3101 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in tripleo-ansible.
local
low complexity
redhat openstack CWE-732
5.5
2023-03-23 CVE-2022-3146 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in tripleo-ansible.
local
low complexity
redhat openstack CWE-732
5.5
2023-03-16 CVE-2023-27084 Incorrect Permission Assignment for Critical Resource vulnerability in Iteachyou Dreamer CMS 4.0.1
Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.
local
high complexity
iteachyou CWE-732
5.3
2023-03-16 CVE-2023-27095 Incorrect Permission Assignment for Critical Resource vulnerability in Opengoofy Hippo4J
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.
network
low complexity
opengoofy CWE-732
6.5
2023-02-23 CVE-2023-24205 Incorrect Permission Assignment for Critical Resource vulnerability in Clash Project Clash 0.20.12
Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml).
network
low complexity
clash-project CWE-732
critical
9.8
2023-02-16 CVE-2022-25992 Incorrect Permission Assignment for Critical Resource vulnerability in Intel Oneapi-Cli
Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
2023-02-09 CVE-2022-21939 Incorrect Permission Assignment for Critical Resource vulnerability in Johnsoncontrols Metasys System Configuration Tool
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
network
low complexity
johnsoncontrols CWE-732
6.1